Campaign says cybersecurity measures prevented hacking but disclosure raises renewed fears of foreign interference
Kamala Harris’s presidential campaign has confirmed it was warned by the FBI it had been targeted by a foreign influence campaign, triggering renewed fears over foreign interference in US elections.
The disclosure – reported by NBC – came after Donald Trump’s campaign claimed it had been hacked in an email phishing attempt, suspected to have been carried out by Iran.
The FBI has confirmed in a statement it is investigating foreign hacking attempts against the campaigns.
their methods are indeed significantly more sophisticated than that. explaining them accurately, however is beyond my knowledge… and i’m a principal engineer that deals with security quite regularly
They use different heuristics to make their best guess, and to give themselves a confidence score.
Some indicators include whether groups refuse to target certain targets, what time zones correspond with their highest activity levels, types of linguistic or grammatical markers they use, including grammatical errors (a native Russian speaker makes different types of English mistakes as a native Chinese speaker), keyboard layouts, types of punctuation, etc.
From there, watching their techniques can kinda reveal what other groups they might learn from or cross pollinate with.
Everything can be spoofed, of course, but maintaining a false persona for a long time is hard, and often not worth doing.
The best example of attribution I know of was the 2018 Winter Olympics. This was shortly after the Russian doping scandal. Russia basically made a press release and said “The Olympics is going to be hacked, people are going to blame us for it but it totally isn’t us.” The hack happened, and it bore some of the hallmark signs of Russian hackers. However, it also had signs of being Chinese and also North Korean. They basically used techniques from every major nation state hacking group to cover their tracks. In the end it was still pinned on Russia, because one of the command and control servers previously had an IP address used in a Russian cyber attack on Ukraine. The indictment was also juicy, the US called the hacking group “petulant children”.
There’s a Darknet Diaries episode that covers it and goes into more detail:
Darknet Diaries: 77: Olympic Destroyer
Episode webpage: https://darknetdiaries.com/episode/77
Media file: https://www.podtrac.com/pts/redirect.mp3/dovetail.prxu.org/7057/290978c7-55c1-43df-ac19-2cb89f96994d/b5a200ec-adad-431b-b227-c2c1dfdb01f8.mp3